News Items

The banking Trojan Grandoreiro has been discovered by ESET researchers to be exploiting the COVID-19 crisis to attack users. According to ESET, the videos on fake websites claiming to provide important information about the virus are being used to mask the Trojan. Grandoreiro has been in operation since 2016, primarily targeting users in Brazil, Mexico, Spain, and Peru via email spam. Now the Trojan has expanded its targeting through the abuse of the pandemic. Once the Trojan infects a machine, it can manipulate windows, record keystrokes, block access to websites, and more. In other versions, it can steal credentials stored in Google Chrome. This article continues to discuss the operation, targets, techniques, and continued development of the Grandoreiro Trojan.

Infosecurity Magazine reports "Researchers Spot Banking Trojan Using COVID-19 Crisis to Attack Users"

Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers.

If asked, most people would likely say that they are concerned about their online privacy. However, previous studies have shown that, in reality, people often willingly disclosure their private information online. A new study conducted by a team of researchers at Pennsylvania State University reveals a number of subtle reasons as to why people fail to take precautions to protect their privacy online. According to the researchers, there are specific psychological cues that increase the chances of people sharing their private information such as social security numbers or phone numbers. These cues exploit pre-existing beliefs about authority, reciprocity, instant gratification, control, transparency, and more. In this study, researchers identified 12 heuristics or mental shortcuts that play a role in privacy disclosure. One such example would be the "bandwagon heuristic," in which people think it is safe to reveal their information because others are doing so. This article continues to discuss the study and its findings pertaining to the cues that trigger people to disclose their private information online.

Technology Networks report "A Privacy Paradox: Why Do People So Readily Give Up Information Online?"

A new survey by researchers at Apricorn found that 57 percent of the IT leaders surveyed believe that remote workers from their organizations will expose their organizations to the threat of a data breach. 44 percent of the IT leaders stated that remote workers at their organizations have knowingly put corporate data at risk of a breach in the last year. 34 percent of the IT leaders surveyed believe that apathy is a significant problem remote workers have and believe that remote workers do not care about keeping corporate data secure.

Help Net Security reports: "Most IT Leaders Believe Remote Workers are a Security Risk"

Cybercriminals are using the distribution of stimulus payments aimed at fighting the negative economic impact of the coronavirus pandemic to steal data and money. Researchers at Check Point discovered an increase in malicious stimulus-themed websites and emails. According to the researchers, 4,405 stimulus-related domains have been registered since the beginning of March. The security company also observed an increase in the daily average of COVID-19-related attacks from 14,000 in March to 20,000 in April. Phishing made up more than 90 percent of attacks launched in the past two weeks. This article continues to discuss the rise in fake coronavirus stimulus payment sites and the continued exploitation of the pandemic to commit cybercrimes.

TNW reports "Scammers Are Using Fake Coronavirus Stimulus Payment Sites to Steal Your Money"

CoR&Onavirus

COVID-19 responses highlight issues of resiliency, policy-based governance, and human factors.

Cybersecurity Snapshots #5 -

Automobile Cybersecurity is a Big Issue

In a survey conducted in December of 2019 with 383 small business owners and security leaders, researchers discovered that 15 percent of them suffered either a hack (7%), virus (5%), or a data breach (3%) in 2019. 67 percent of the participants wanted to devote more resources to enhance their cybersecurity in 2020. The researchers also found that the most popular strategies small businesses use for cybersecurity are limiting employee access to data (46%), encrypting data (44%), requiring strong passwords (34%), and training employees on data safety (34%).

CISO MAG reports: "67% of Small Businesses Aim to Increase Cybersecurity in 2020: Report"

A group of US Senators is asking the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the US Cyber Command to provide guidance for the healthcare sector on cybersecurity as COVID-19-related cyber threats continue to grow. The Senators call on CISA and Cyber Command to provide both private and public cyber threat intelligence information about cyberattacks that have the potential to affect the healthcare sector. They also ask CISA and Cyber Command to work with the FBI, Federal Trade Commission, and the Department of Health and Human Services (HHS) to raise public awareness surrounding cyber espionage, cybercrime, and disinformation campaigns. This article continues to discuss what the Senators are asking of the CISA and Cyber Command regarding cyber threat guidance for healthcare during the pandemic, as well as the recent targeting of healthcare providers by hacking groups with coronavirus-related campaigns.

HealthITSecurity reports "Sens. to DHS CISA: Issue COVID-19 Cyber Threat Guidance for Healthcare"

The US National Security Agency (NSA) and the Australian Signals Directorate released an advisory warning organizations about the increased use of web shell malware by attackers to gain persistent access to compromised networks. Web shells are malicious scripts uploaded to a web server to allow attackers to control the system remotely. Internet-facing web servers, non-internet facing internal content management systems, or network device management interfaces can be infected with web shell malware. The exploitation of web application vulnerabilities and weak server security configuration can lead to the installation of web shell malware. This article continues to discuss the concept of web shells, as well as the prevention and detection of web shell malware installation.

Help Net Security reports "Web Shell Malware Continues to Evade Many Security Tools"

Forcepoint researchers have been analyzing coronavirus-themed attacks between January 19th to April 18th and have found that cybercriminals are adjusting threat levels to evolve with pandemic and typical employment trends. Researchers went through their telemetry for the keywords "COVID" and "corona" in URLs accessed directly over the web or embedded with an email. The researchers found a rise in unwanted emails (malicious, phishing, or spam) regarding COVID-19. During the peak volumes, the researchers identified 1.5 million total COVID-19 related emails per day, which contained both legitimate and malicious traffic related to the current global crises.

Threatpost reports: "Cyberattackers Ramp Up to 1.5M COVID-19 Emails Per Day"

In a new white paper, titled "Restarting the Economy and Avoiding Big Brother," MIT Professor Alex Pentland suggests that policymakers and business leaders consider using digital tools that create safe environments for employees and consumers, and preserve privacy as they grapple the idea of reopening the economy amid the coronavirus pandemic. According to public health officials, personal data must be collected to determine who is at an increased risk of contracting the virus as well as who is healthy and can return to work. However, privacy advocates have expressed concerns about who will access the data and how this data will be stored and used. Professor Pentland proposes the use of advanced computing methods that would preserve health data privacy and data ownership. It was suggested that health certification is performed through the use of high-tech methods that generate risk maps from anonymized data, which are sanitized using differential privacy methods. This article continues to discuss the use of technology to certify a person's health status and support safe environments while also protecting privacy.

TechXplore reports "How Technology Can Help Identify a 'Safe' Workforce and Protect Personal Privacy"

Researchers from a cybersecurity intelligence firm called Cyble discovered a database with 267 million Facebook user profiles, that were being sold on the dark web. Cyble bought the database, to verify the records, and to add them to their firm's breach notification service. They bought the database for $540 or about .0002 cents per record. The records held Facebook users' IDs, full names, email addresses, phone numbers, relationship status, age, and timestamps of the user's last connection. No passwords were exposed. The information in the database is still a perfect tool kit for an adversary to start an email or text phishing campaign. The adversaries could make the texts or emails look like they are from Facebook.

Naked Security reports: "309 Million Facebook Users' Phone Numbers Found Online"

A new survey was completed with more than 500 C-level executives from small and medium businesses. Researchers at Infrascale found that 46 percent of the participants said that their organizations had been the victim of a ransomware attack. 73 percent of the participants that were targets of the ransomware attacks paid the ransom. More than a quarter of the participants said that their organizations did not have a plan in place to mitigate ransomware attacks. A fifth of the participants also felt that their organizations were unprepared for a ransomware attack.

Help Net Security reports: "46% of SMBs Have Been Targeted by Ransomware, 73% Have Paid The Ransom"

Researchers from Harvard and Massachusetts Institute of Technology (MIT) have made an advancement in quantum communication that takes an unhackable quantum internet a step closer to reality. The creation of a quantum network has not yet been achieved largely because of the complexity associated with communicating quantum states of light over long distances without experiencing signal loss. The researchers have now demonstrated the use of prototype quantum node they developed to address the degradation and loss of quantum signals when they are transmitted over long distances. The prototype quantum node is capable of catching, storing, and entangling bits of information. This article continues to discuss the potential uses of a quantum internet, challenges faced in creating a quantum network, and the missing link built by researchers for an internet that is highly secure and impenetrable to hackers.

The Harvard Gazette reports "Toward an Unhackable Quantum Internet"

The Department of Homeland Security (DHS) Science of Technology Directorate (S&T) recently announced the development of a new Cloud-Based Root-of-Trust (CRoT) technology aimed at bolstering the security and privacy of mobile devices. With organizations' increased dependence on mobile devices such as smartphones and tablets to support remote connection and collaboration among employees, customers, and managers amid the coronavirus pandemic, it is important to continue efforts towards improving mobile security. The Corporate-Owned, Personally Enabled (COPE) is a model of device ownership in which mobile devices provided to employees for business communication by their organizations are also used for personal communication. This business model presents new security challenges to organizations as users often prioritize convenience over security when using these devices, thus increasing the risk of accidentally disclosing sensitive information. Enterprise security administrators can set security policies for each user's enterprise mail account using the CRoT technology to ensure the protection of business messages. The technology also allows employees to set privacy controls for their personal emails. This article continues to discuss the increased reliance on mobile devices, the COPE business model, the security challenges created by this model, and the CRoT technology being developed to bolster mobile device email security and privacy.

MeriTalk reports "DHS S&T Moves to Strengthens Mobile Device Email Security and Privacy"

Google has observed a significant surge in the daily distribution of COVID-19-related malware and phishing emails. According to the Internet giant, they are blocking more than 240 million coronavirus-themed spam messages and 18 million malware and phishing emails every day. These numbers further highlight the exploitation of awareness and fear surrounding the pandemic. Some of the phishing emails appear to come from the World Health Organization (WHO), while other messages seem to be sent from employers or the government pertaining to business stimulus packages or work assignments. As remote work increases, organizations must ensure that their employees are aware of cybersecurity best practices for protecting themselves from phishing attacks and other threats. This article continues to discuss the millions of COVID-19 related malicious emails being blocked by Google daily, the tactics used in the phishing emails, the importance of cybersecurity awareness training for employees, and the number coronavirus-themed phishing emails detected by Microsoft.

Infosecurity Magazine reports "Google Sees Millions of COVID-19-Related Malicious Emails Daily"

The U.S. Department of Energy Solar Energy Technologies Office awarded $3.6 million to Alan Mantooth, Distinguished Professor of electrical engineering at the University of Arkansas (UARK) and executive director of the National Center for Reliable Electric Power Transmission. The award was given in support of developing systems that protect solar technologies against cyberattacks. Improving the protection of solar systems and technology enhances security for the national power grid. Mantooth and engineering researchers at the university's National Center for Reliable Electric Power Transmission will lead a multi-institutional research group, including the University of Georgia, the University of Illinois at Chicago, Texas A&M University-Kingsville, the National Renewable Energy Laboratory, Argonne National Laboratory, and General Electric. This article continues to discuss the support, goals, and structure of the UARK-led Multilevel Cybersecurity for Photovoltaic Systems research project.

The University of Arkansas reports "Engineers to Work on Cybersecurity for Systems Linking Solar Power to Grid"

Some organizations are still struggling to determine the potential impact of a software bug on their business. The cybersecurity company Rapid7 set up a project to bring further attention to how crowdsourcing can help organizations rate the severity of security flaws. Rapid7 asked security professionals to use a web platform, called the Attacker Knowledge Base (KB), to evaluate how a vulnerability might affect an organization. They answered questions pertaining to how easy it would be for a hacker to exploit a security flaw, how much access they can gain through the abuse of the vulnerability, and more. The project shows that crowdsourced vulnerability assessments can increase understanding of a software bug's potential impact through individual experts' personal experiences. This article continues to discuss Rapid7's AttackerKB platform, the Common Vulnerability Scoring System (CVSS), and the value of crowdsourced vulnerability assessments.

CyberScoop reports "In Search of a B.S. Filter for Software Bugs"

Researchers from NUS (National University of Singapore) Electrical and Computer Engineering have developed new self-healing and self-concealing Physically Unclonable Functions (PUFs). PUFs use the inherent, unique manufacturing variations in microchips to provide digital fingerprints for devices that can authenticate and secure the devices. This technology also helps to prevent the unlawful cloning of hardware, chip counterfeiting, and physical attacks. However, PUFs still face challenges in regard to stability and occasional fingerprint misidentification. The PUFs created by the researchers address these problems with a novel technique in which on-chip sensors and machine learning algorithms are used to predict and identify PUF instability, as well as make the appropriate adjustments to generate PUF output of higher security and stability. Unusual environmental conditions such as temperature, voltage, and noise that often exploited in the execution of physical attacks can be detected using the technique. This article continues to discuss the NUS research team's newest breakthrough in PUF technology and how this achievement significantly improves hardware security.

NUS News report "New Silicon Chip 'Fingerprint' for Stronger Hardware Security at Low Cost"

Security researchers from White Ops, have discovered an ongoing scheme in which fraudsters are charging advertising companies for ad space on smart TVs, and then not delivering on their promise. The scammers are disguising bot activity which, originates in global data centers as legitimate traffic, to try to dupe anti-fraud services. The researchers found that the scams seem to have started last year, and a cohesive unit of scammers most likely runs the scam campaign.

Cyberscoop reports: "Scammers Are Masquerading as Smart TV Owners to Fleece Advertisers, Researchers Say"

The COVID-19 pandemic has impelled hackers to execute more cyberattacks against hospitals, healthcare systems, clinical labs, and research centers. Security professionals have observed an increase in ransomware attacks and phishing attacks targeting individuals or companies in the healthcare industry for the purpose of financial gain and stealing personal information. The rise in healthcare employees who are not on the front lines working at home, as well as the increase in telemedicine, also contributes to the increased vulnerability of healthcare systems to hacking. This article continues to discuss the targeting of the healthcare sector by hackers during the pandemic and recent cases in which organizations within the healthcare sector have fallen victim to attacks.

NextGov reports "Hospital Hackers Seize Upon Coronavirus Pandemic"

Cars are becoming more connected and should meet the highest level of security, safety, and performance. However, that is not always the case. As cars have become more connected and have more autonomous features, cars are extremely susceptible to malicious cyberattacks and could be potentially weaponized by adversaries. In the future, all vehicles must be secure by design. Cybersecurity needs to be embedded in the first stages of the car's design before they are manufactured.

Help Net Security reports: "Are we Doing Enough to Protect Connected Cars?"

The Mediterranean Shipping Company (MSC) recently reported a network outage at one of its data centers, which took down its website msc.com and myMSC portal. According to a message posted on Twitter by MSC, there is a chance that malware caused the incident. The outage resulted in the disruption of self-service tools for making and managing bookings on MSC ships. This incident calls for shipping companies and the security community to pay more attention to the presence of cybersecurity vulnerabilities contained by systems within the shipping industry that could be exploited by hackers to disrupt operations. This article continues to discuss the network outage faced by the MSC, the possibility that a cyberattack caused the outage, and how MSC responded to the incident.

Infosecurity Magazine reports "MSC Data Center Closes Following Suspected Cyber-Attack"